<h2>How does a public key verify a signature?</h2>
<p>To understand how a public key verifies a signature, consider the following scenario:</p>
<ol>
<li>A sender, <code>Alice</code>, has a private key, <code>d</code>, and a public key, <code>e</code>.</li>
<li><code>Alice</code> wants to send a signed message, <code>m</code>, to a receiver, <code>Bob</code>.</li>
<li><code>Alice</code> calculates the hash of the message, <code>h = H(m)</code>, using a cryptographic hash function, <code>H</code>.</li>
<li><code>Alice</code> encrypts the hash with her private key, <code>d</code>, using an asymmetric encryption algorithm. The result is the signature, <code>s = d(h)</code>.</li>
<li><code>Alice</code> sends the signed message, <code>(m, s)</code>, to <code>Bob</code>.</li>
</ol>
<p>When <code>Bob</code> receives the signed message, he performs the following steps to verify the signature:</p>
<ol start="6">
<li><code>Bob</code> calculates the hash of the message he received, <code>h' = H(m)</code>, using the same cryptographic hash function, <code>H</code>.</li>
<li><code>Bob</code> decrypts the signature, <code>s</code>, with <code>Alice</code>'s public key, <code>e</code>, using the matching asymmetric decryption algorithm. This gives him the hash that <code>Alice</code> signed, <code>h</code>.</li>
<li><code>Bob</code> compares the calculated hash, <code>h'</code>, with the decrypted hash, <code>h</code>.</li>
<li>If the two hashes match, <code>h' = h</code>, the signature is considered valid, and the message is authenticated as coming from <code>Alice</code>.</li>
<li>If the hashes do not match, <code>h' != h</code>, the signature is considered invalid, and the message is not authenticated.</li>
</ol>
<p>In summary, a public key verifies a signature by decrypting the signature using the sender's public key and comparing the decrypted hash with the calculated hash of the message. If the hashes match, the signature is valid, and the message is authenticated. Otherwise, the signature is invalid, and the message is not authenticated.</p>
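<p>Steps 1 to 10 above carried out with textbook RSA and SHA-256, as an added example that is not part of the original page. It assumes RSA as the asymmetric algorithm; the key is constructed from two well-known Mersenne primes, and the names <code>sign</code>, <code>verify</code> and <code>demo</code> and the sample messages are made up for illustration.</p>

```python
import hashlib

# Constructed demo key built from two well-known Mersenne primes, so the
# modulus is trivially factorable. It shows the arithmetic only.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                          # public modulus, larger than any SHA-256 digest
E = 65537                          # Alice's public key e
D = pow(E, -1, (P - 1) * (Q - 1))  # Alice's private key d (Python 3.8+)


def H(m: bytes) -> int:
    """Steps 3 and 6: hash the message and read the digest as an integer."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big")


def sign(m: bytes) -> int:
    """Step 4: s = d(h), the private-key operation applied to the hash."""
    return pow(H(m), D, N)


def verify(m: bytes, s: int) -> bool:
    """Steps 6 to 10: recompute h' = H(m), recover h from s, compare."""
    if not 0 <= s < N:             # a signature outside [0, N) is never valid
        return False
    h_prime = H(m)                 # step 6: hash of the message Bob received
    h = pow(s, E, N)               # step 7: public-key operation on the signature
    return h == h_prime            # steps 8 to 10


def demo() -> dict:
    m = b"pay Bob 10"              # constructed sample message
    s = sign(m)
    return {
        "genuine": verify(m, s),
        "tampered_message": verify(b"pay Bob 1000", s),
        "tampered_signature": verify(m, s ^ 1),
    }


if __name__ == "__main__":
    print(demo())
```

<p>Deployed RSA signatures do not sign the bare hash: they encode it with a padding scheme such as RSASSA-PSS or PKCS#1 v1.5 before the private-key operation. Schemes such as ECDSA and Ed25519 verify with a different equation and have no "decrypt the signature" step.</p>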